US8914637B2 · Active · Utility · PatentIndex 48

System for enabling digital signature auditing

Assignee: OSBORNE MICHAEL CHARLES
Priority: Mar 16, 2011
Filed: Aug 23, 2012
Granted: Dec 16, 2014
Est. expiry: Mar 16, 2031 (~4.7 yrs left), nominal 20-yr term from priority
Inventors: OSBORNE MICHAEL CHARLES; VISEGRADY TAMAS
Classifications: H04L 9/3247, H04L 2209/38, H04L 9/50
PatentIndex Score: 48
Cited by: 1
References: 16
Claims: 19

Abstract

A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.
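A minimal sketch of the state chaining the abstract describes, added here as an illustration and not taken from the patent. SHA-256 as the function, the JSON encoding of the second data, the all-zero initial state and the HMAC stand-in for the signing entity are all assumptions.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32           # assumed initial reference system state
DEMO_KEY = b"constructed-key"    # constructed key for the stand-in signer


def stand_in_signer(digest_hex: str) -> str:
    """Stand-in for the signing entity (e.g. an HSM); HMAC, not a real signature."""
    return hmac.new(DEMO_KEY, digest_hex.encode(), hashlib.sha256).hexdigest()


def next_state(reference_state: bytes, second_data: dict) -> bytes:
    """Updated state = H(reference state || canonical encoding of second data)."""
    encoded = json.dumps(second_data, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(reference_state + encoded).digest()


class SigningServer:
    def __init__(self, signer=stand_in_signer):
        self.signer = signer
        self.state = GENESIS
        self.log = []            # sequence of (second data, updated state)

    def handle(self, app_id: str, payload: bytes) -> str:
        first_data = hashlib.sha256(payload).hexdigest()  # forwarded for signing
        signature = self.signer(first_data)
        # Second data covers the request and the signing entity's response.
        second_data = {"app": app_id, "digest": first_data, "sig": signature}
        # The updated state becomes the reference state for the next request.
        self.state = next_state(self.state, second_data)
        self.log.append((second_data, self.state))
        return signature


def audit(log, start: bytes = GENESIS):
    """Recompute the chain; return the index of the first entry whose stored
    state does not match, or None if every state attests to its request."""
    state = start
    for index, (second_data, stored_state) in enumerate(log):
        state = next_state(state, second_data)
        if state != stored_state:
            return index
    return None
```

An auditor who also holds the latest state from a trusted channel can compare it with the last stored state, which catches a log that was truncated at the end.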

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for enabling digital signature auditing, implemented in a computerized system comprising a server communicating with applications, wherein the method comprises the steps of:
 receiving at least one signature request issued by at least one of the applications; 
 forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data; 
 storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, wherein the reference system state and the updated system state attest to the at least one signature request; and 
 repeating the above steps, using the updated system state as a new reference system state, 
 wherein the steps of the method are executed at the server of the computerized system. 
 
     
     
       2. The method according to  claim 1  further comprising the step of: receiving at least one response from the at least one signing entity in response to forwarding the first data, wherein the second data comprises a third data corresponding to data in the at least one received response. 
     
     
       3. The method according to  claim 2 , wherein the first data forwarded retains at most one signature request per requesting application. 
     
     
       4. The method according to  claim 1 , wherein the updated system state is computed using a function of i) a previous system state and ii) the second data, wherein the second data corresponds to signature requests received from at least two distinct applications. 
     
     
       5. The method according to  claim 4 , wherein the storing step further comprises storing a set of aggregated data obtained by aggregating the second data into a sequence of system states comprising the reference system state and the updated system state, and the aggregating step further comprises interlacing the second data into the sequence of system states. 
     
     
       6. The method according to  claim 1 , wherein the forwarding step further comprises dispatching a set of first data subsets to respective signing entities for subsequent signature of the first data subsets, wherein each of the first data subsets corresponds to respective signature requests received at the server. 
     
     
       7. The method for  claim 6 , wherein the decision as to when to dispatch is decided at the server based on timing constraints by using quantized time periods. 
     
     
       8. The method according to  claim 7  further comprising the step of: delaying the received at least one signature request prior to forwarding the corresponding first data, while previously forwarded data are being signed at the at least one signing entity. 
     
     
       9. The method according to  claim 1 , wherein the storing step further comprises storing a set of aggregated data obtained by aggregating the second data into a sequence of system states comprising the reference system state and the updated system state, and wherein the method further comprises the steps of:
 receiving a query from at least one of the applications; and 
 responding to the at least one querying application based on the set of aggregated data. 
 
     
     
       10. The method according to  claim 1  further comprising the step of: receiving responses from the at least one signing entity, in response to forwarding the first data, wherein the responses comprise trusted time data. 
     
     
       11. The method according to  claim 1 , wherein the at least one signing entity is a hardware security module. 
     
     
       12. The method according to  claim 1  further comprising the step of:
 auditing either i) the at least one signature request or ii) data related to the at least one signature request based on the reference system state and the updated system state. 
 
     
     
       13. The method according to  claim 1 , wherein the function is a non-reversible function. 
     
     
       14. A non-transitory article of manufacture tangibly embodying computer readable instructions, which when executed on a computer device cause the computer device to execute the steps of a method for enabling digital signature auditing of a server communicating with applications, wherein the method comprises the steps of:
 receiving at least one signature request issued by at least one of the applications; 
 forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data; 
 storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, wherein the reference system state and the updated system state attest to the at least one signature request; and 
 repeating the above steps, using the updated system state as a new reference system state. 
 
     
     
       15. The article according to  claim 14 , wherein the method further comprises the step of: receiving at least one response from the at least one signing entity in response to forwarding the first data, wherein the second data comprises a third data corresponding to data in the at least one received response. 
     
     
       16. The article according to  claim 15 , wherein the first data forwarded retains at most one signature request per requesting application. 
     
     
       17. The article according to  claim 14 , wherein the updated system state is computed using a function of i) a previous system state and ii) the second data, wherein the second data corresponds to signature requests received from at least two distinct applications. 
     
     
       18. The article according to  claim 17 , wherein the storing step further comprises storing a set of aggregated data obtained by aggregating the second data into a sequence of system states comprising the reference system state and the updated system state, and the aggregating step further comprises interlacing the second data into the sequence of system states. 
     
     
       19. The article according to  claim 14 , wherein the forwarding step further comprises dispatching a set of first data subsets to respective signing entities for subsequent signature of the first data subsets, wherein each of the first data subsets corresponds to respective signature requests received at the server.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.